Sean

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** In the KVM nSVM component, an issue exists where the current RIP (Instruction Pointer) is incorrectly used as the NextRIP in `vmcb02` after the first L2 VMRUN. For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, leading KVM to use the current RIP to emulate a CPU without NRIPS. After the initial L2 run, the CPU or KVM updates NextRIP, making the current RIP an incorrect value for `vmcb02`. This logic also affects the `soft int next rip` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An issue exists in the KVM nSVM component where a VMMCALL is not properly handled when L2 is active, L1 does not want to intercept the VMMCALL, `nested svm l2 tlb flush enabled()` is true, and the hypercall is not a supported Hyper-V hypercall. In this scenario, KVM intercepts the VMMCALL but fails to forward it to L1, allowing L2 to make hypercalls as if it were L1. The expected architectural behavior is to raise a #UD (Undefined Opcode) exception if the VMMCALL is not intercepted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** In the KVM SVM component, the `INVLPGA` instruction fails to trigger an invalid opcode exception (#UD) when the `EFER.SVME` variable is not set. This occurs because the system does not properly check if `EFER.SVME` equals 0 before executing the instruction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libwmf version 0.2.8.4 **Description** The issue is related to an integer overflow in the player.c file of libwmf, which can be exploited by remote attackers to execute arbitrary code. This is achieved through the MaxRecordSize header field in a WMF file. The affected products include wv, abiword, freetype, gimp, libgsf, and imagemagick. **Recommendations** For libwmf version 0.2.8.4, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** smail version 3.2.0.120 **Description** The issue concerns a problem in the signal handlers implemented in modes.c, which uses certain unsafe library calls. This could potentially allow attackers to execute arbitrary code by exploiting signal handler race conditions, possibly leveraging xmalloc. **Recommendations** For smail version 3.2.0.120, consider applying a patch or fix that addresses the unsafe library calls in signal handlers to prevent potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** smail version 3.2.0.120 **Description** The issue concerns multiple vulnerabilities in the smail package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A buffer overflow vulnerability in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the `MAIL FROM` command and possibly other SMTP commands. **Recommendations** For smail version 3.2.0.120, consider restricting access to the `MAIL FROM` command and other potentially vulnerable SMTP commands until a patch is available. As a temporary workaround, limiting the length of input strings in these commands may help mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.